Information Security, Top News

Ransom email scam from ‘hitman’ demands: pay up or die

Spiceworks user Dave Lass recently alerted Naked Security, and fellow Spiceheads, to a horrible little email scam that’s supposed to scare the life out of you.

One of his users opened their email and saw this compelling subject line, urging them to read on…

Subject: Please read this it can be the most important information in your life

It’s the sort of subject line that people who like you, people you work with and people who actually-have-something-important-to-tell-you-that-might-change-your-life probably don’t use. It’s the language of radio DJs hoping you’ll hang on grimly through the commercials, click-hungry Outbrain headlines and YouTube conmen.

It’s a hook, in other words – a sign that you can take whatever comes next with a pinch of salt.

Which is good, because you’re going to need it for what comes next:

Hello I advise you to take this message seriously, if you value your life, since this is not a joke or a scam. I've been thinking for a long time whether it's worth sending this message to you and decided that after all you still have the right to know. I'll try to be short. I received an order to kill you, because your activity causes trouble to a particular person. I studied you for quite a time and made a decision to give you a chance, despite the specifics of my job, the business rules of which do not allow me to do this, as this will kill my reputation (more 12 years of perfect order executions)in certain circles. But i decided to break a rule since this is my last order (at least I do hope so). In general, let's Break it down. I want you to pay the amount of 0.5 Btc. I accept btc. Information how to forward you can find in Google. Here are my payment details: 168firBiYcezkNhpe2CEie3JgjzvF2bfZP When i will receive funds I'll send you the name of the man order came from, as well as all the evidence i have. You will be able to use them with the police. I would not suggest you to call the police, because you have a little time (2 days) and the police simply will not have time to investigate. Answering to this letter does not make sense, i use one-time mailbox, cause i really do care about my anonymity. I'll contact you as soon as i'll getfunds. I really regret that you became my prey.

I’d like to believe that anyone and everyone who gets this will laugh at its sheer preposterousness; that their good sense will tell them that the person who wrote it knows nothing about them; that it’s just words arranged on a page whose rightful place is as an object of fascination and ridicule alongside the infamous liver transplant spam, and nothing more.

I want to believe that because the alternative is that somebody, somewhere is made to feel afraid, even if it’s just for a moment. This isn’t “buy some viagra”, it’s not even “we’ve hacked you, pay the ransom”, it’s “pay up or die”.

Whatever the value of a Bitcoin was when the spammer hit send, it probably wasn’t far off the current value of about $16,500, meaning the spammer was hoping to make somebody so afraid that they’d part with $8000 on the strength of an email.

Thankfully, through the magic of Bitcoin, we can see that they haven’t succeeded yet, not with this Bitcoin address at least. At the time of writing, nobody seems to have fallen for this horrid scam and the spammer’s cupboard is bare.

What to do?

There are two victims here – the person who received the email, and the person who owns the mailbox the email says it came from.

The message looks like it was sent from an address owned by a perfectly legitimate small business – it probably wasn’t. The spammer may have hacked into that company’s email but since they aren’t picking up replies they needn’t, they can simply forge the email’s From header.

If you own a domain name, or your small business does, please take time to set up SPF and DKIM records to prevent people sending emails that appear to come from you.

If you receive one of these emails don’t reply, don’t worry and don’t give it a second thought, but be sure to mark it as spam. Telling your email software that the message is junk or spam helps train your spam filters and reduces the chances of you, or anyone else, seeing something as unwelcome as this again.


Source : Naked Security

Previous ArticleNext Article
Founder and Editor-in-Chief of 'Professional Hackers India'. Technology Evangelist, Security Analyst, Cyber Security Expert, PHP Developer and Part time hacker.

Send this to a friend